• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 419
  • Last Modified:

Windows Security : Domain Login Credentials on similar Domains

Hi there...

We have 2 sites, 1 in the UK, 1 in the USA, with 2 separate LANS, and 2 separate domains.
They are however linked by a VPN tunnel, but both have their own Active Domains.

We have 1 SharePoint site at the UK location.

We need to allow a USA user access to the UK SharePoint site.
I have therefore added a new user to our UK AD.

I can login to the SharePoint site from the UK with these new credentials, but when the user on the USA LAN tries, her laptop (Windows 7) switches the login username domain to her own domain.



The user should be logging in as :

Although she types this into her laptop in the Windows Security dialogue box,
underneath the username is still keeps

I'm assuming because she is on the OUR-COMPANY_USA domain, and the domains are so similar, that Windows auto-fills the domain and assumes it to be OUR-COMPANY_USA.

Is there a way of forcing it to OUR-COMPANY domain in these circumstances?

1 Solution
It may be easier to create a two way trust between the two domains.

SandeshdubeySenior Server EngineerCommented:
In order to add users in AD from one domain another domain either to computers/groups/AD,then you need to use AGDULP method. Also, add the DNS suffix in the clients NIC for faster domain location.

-Add the User Accounts to Global Groups> Global Groups to Universal Group> Universal Groups to Domain Local Groups > Domain Local Groups to the group you want to assign the permission.http://technet.microsoft.com/en-us/library/bb742592.aspx

Accessing resources across forests

You need to create trust for this:http://technet.microsoft.com/en-us/library/cc756852%28WS.10%29.aspx
Rich RumbleSecurity SamuraiCommented:
Right, a trust would make using one login able to work where ever you allow it to. So the USA login would work because you trust the USA domain user, and gave them permission.
But to answer your question, if the user put's the domain in front, even if it's very similar to the other, it should try that one. There are a two ways you can write the domain monikers, have them try:
But that should work just as well as usa_domain\username
When the login fails with a certain domain, windows does try the default/current domain.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now